Annajwaszahro
/
MIF_E31222691
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Tweak the CSRF token a little more.

This commit is contained in:
Taylor Otwell 2011-11-03 09:21:27 -05:00
parent d0c3d65722
commit aa55f3441f
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
laravel/session.php
View File

@ -37,13 +37,16 @@ public static function start(Driver $driver)
{ {
static::$exists = false; static::$exists = false;
static::$session = array('id' => Str::random(40), 'data' => array());
}
if ( ! static::has('csrf_token'))
{
// A CSRF token is stored in every session. The token is used by the // A CSRF token is stored in every session. The token is used by the
// Form class and the "csrf" filter to protect the application from // Form class and the "csrf" filter to protect the application from
// cross-site request forgery attacks. The token is simply a long, // cross-site request forgery attacks. The token is simply a long,
// random string which should be posted with each request. // random string which should be posted with each request.
$csrf_token = Str::random(40); static::put('csrf_token', Str::random(40));
static::$session = array('id' => Str::random(40), 'data' => compact('csrf_token'));
} }
} }